Friday, 20 November 2009

Proxy Server (Squid) Configuration on Debian Linux

1). Install the proxy server:


# beckz@debian:~$ apt-get install squid


2). Edit the proxy server configuration file:

# beckz@debian:~$ pico /etc/squid/squid.conf

# WELCOME TO SQUID 2.6.STABLE5

# —————————-

#

# This is the default Squid configuration file. You may wish

# to look at the Squid home page (http://www.squid-cache.org/)

# for the FAQ and other documentation.

#

# The default Squid config file shows what the defaults for

# various options happen to be. If you don’t need to change the

# default, you shouldn’t uncomment the line. Doing so may cause

# run-time problems. In some cases “none” refers to no default

# setting at all, while in other cases it refers to a valid

# option – the comments for that keyword indicate if this is the

# case.

#



# NETWORK OPTIONS

# —————————————————————————–


# TAG: http_port

# Usage: port [options]

# hostname:port [options]

# 1.2.3.4:port [options]

#

# The socket addresses where Squid will listen for HTTP client

# requests. You may specify multiple socket addresses.

# There are three forms: port alone, hostname with port, and

# IP address with port. If you specify a hostname or IP

# address, Squid binds the socket to that specific

# address. This replaces the old ‘tcp_incoming_address’

# option. Most likely, you do not need to bind to a specific

# address, so you can use the port number alone.

#

# The default port number is 3128.

#

# If you are running Squid in accelerator mode, you

# probably want to listen on port 80 also, or instead.

#

# The -a command line option will override the *first* port

# number listed here. That option will NOT override an IP

# address, however.

#

# You may specify multiple socket addresses on multiple lines.

# options are:

# transparent Support for transparent proxies

# vhost Accelerator using Host directive

# vport Accelerator with IP virtual host support

# vport= As above, but uses specified port number

# rather than the http_port number.

# defaultsite= Main web site name for accelerators.

# urlgroup= Default urlgroup to mark requests

# with (see also acl urlgroup and

# url_rewrite_program)

# protocol= Protocol to reconstruct accelerated

# requests with. Defaults to http.

# no-connection-auth

# Prevent forwarding of Microsoft

# connection oriented authentication

# (NTLM, Negotiate and Kerberos)

# tproxy Support Linux TPROXY for spoofing

# outgoing connections using the client


# If you run Squid on a dual-homed machine with an internal

# and an external interface we recommend you to specify the

# internal address:port in http_port. This way Squid will only be

# visible on the internal address.

#

# Squid normally listens to port 3128

# (Sets up a transparent proxy)

http_port 3128 transparent






#Recommended minimum configuration:

acl all src 0.0.0.0/0.0.0.0

# (The server's computer network)

acl beckz src 192.168.13.0/255.255.255.0

# (Blocked site)

acl becks dstdomain www.google.com

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 # https

acl SSL_ports port 563 # snews

acl SSL_ports port 873 # rsync

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 631 # cups

acl Safe_ports port 873 # rsync

acl Safe_ports port 901 # SWAT

acl purge method PURGE

acl CONNECT method CONNECT




# Example rule allowing access from your local networks. Adapt

# to list your (internal) IP networks from where browsing should

# be allowed

#acl our_networks src 192.168.1.0/24 192.168.2.0/24

#http_access allow our_networks

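http_access allow localhost

# Squid stops at the first matching http_access line, so the deny for the

# blocked site must come before the allow for the local network.

http_access deny becks

http_access allow beckz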



# TAG: cache_mgr

# Email-address of local cache manager who will receive

# mail if the cache dies. The default is “webmaster”.

#

#Default:

cache_mgr beckz.net



# TAG: visible_hostname

# If you want to present a special hostname in error messages, etc,

# define this. Otherwise, the return value of gethostname()

# will be used. If you have multiple caches in a cluster and

# get errors about IP-forwarding you must set them to have individual

# names with this setting.

#

#Default:

# (The hostname that is shown)

visible_hostname beckz.net


# TAG: always_direct

# Usage: always_direct allow|deny [!]aclname …

#

# Here you can use ACL elements to specify requests which should

# ALWAYS be forwarded by Squid to the origin servers without using

# any peers. For example, to always directly forward requests for

# local servers ignoring any parents or siblings you may have use

# something like:

# NOTE: If your goal is to make the client forward the request

# directly to the origin server bypassing Squid then this needs

# to be done in the client configuration. Squid configuration

# can only tell Squid how Squid should fetch the object.

#

# NOTE: This directive is not related to caching. The replies

# is cached as usual even if you use always_direct. To not cache

# the replies see no_cache.

#

# This option replaces some v1.1 options such as local_domain

# and local_ip.

#

#Default:

always_direct allow all



3). Type the command below to redirect the local network's port-80 traffic to Squid on port 3128:


# beckz@debian:~$ iptables -A PREROUTING -t nat -p tcp -m tcp -s 192.168.13.0/24 -d 0/0 --dport 80 -j REDIRECT --to-ports 3128



4). Start the proxy server:


beckz@debian:~$ /etc/init.d/squid restart
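
Added example (not part of the original post): Squid checks http_access lines from top to bottom, stops at the first match, and applies the opposite of the last line when nothing matches. The Python model below covers only the localhost, beckz and becks rules shown above, in two orderings; the client addresses, the host example.org and the final "deny all" line are constructed for illustration.

```python
import ipaddress

# ACLs copied from the squid.conf on this page; only the src and
# dstdomain types are modelled, one ACL per http_access line.
ACLS = {
    "all": ("src", "0.0.0.0/0"),
    "localhost": ("src", "127.0.0.1/32"),
    "beckz": ("src", "192.168.13.0/24"),
    "becks": ("dstdomain", "www.google.com"),
}

def acl_matches(name, client_ip, dst_host):
    kind, value = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(value)
    host = dst_host.lower().rstrip(".")
    if value.startswith("."):            # ".example.com" also covers subdomains
        return host == value[1:] or host.endswith(value)
    return host == value                 # no leading dot: exact host only

def decide(rules, client_ip, dst_host):
    """Walk http_access lines top to bottom; the first match decides."""
    if not rules:
        return "deny"                    # documented default: http_access deny all
    for action, acl in rules:
        if acl_matches(acl, client_ip, dst_host):
            return action
    # Nothing matched: Squid applies the opposite of the last line.
    return "allow" if rules[-1][0] == "deny" else "deny"

# Two orderings of the same rules (the second adds an explicit final deny).
ALLOW_FIRST = [("allow", "localhost"), ("allow", "beckz"), ("deny", "becks")]
DENY_FIRST = [("allow", "localhost"), ("deny", "becks"),
              ("allow", "beckz"), ("deny", "all")]

# Constructed requests: one LAN client and one address outside the LAN.
REQUESTS = [
    ("192.168.13.25", "www.google.com"),
    ("192.168.13.25", "example.org"),
    ("203.0.113.7", "example.org"),
]

def compare():
    """Return {(client, host): (allow_first_result, deny_first_result)}."""
    return {r: (decide(ALLOW_FIRST, *r), decide(DENY_FIRST, *r)) for r in REQUESTS}

if __name__ == "__main__":
    for (client, host), (a, d) in compare().items():
        print(f"{client:15} -> {host:15} allow-first={a:5} deny-first={d}")
```

With the allow-first ordering the block never applies to LAN clients, and a client that matches no line falls through to an implicit allow; the deny-first ordering closes both.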


